BeBox Security Hole?
This looks like fun...
Cheers,
Bob Hettinga
>Date: Mon, 16 Oct 1995 23:07:58 -0700
>From: [email protected] (Michael D. Crawford)
>To: [email protected], [email protected]
>Subject: Re: BeBox development questions and answers
>Message-ID: <[email protected]>
>
>Jonah Benton asked Melissa Rogers about security:
>
>>>>are there ways of excluding certain users from certain parts of the file
>>>>system?
>>>No
>>>>
>>>>i believe you support telnet- can multiple users telnet in at once?
>>>>
>>>Yes
>
>The answers to these two questions suggest the existence of the following
>serious security problem, which can cause breaches on any other machine on
>the network. This is a time-honored way for hackers to bust into machines
>on the Internet.
>
>do{
> telnet to an Internet host that does not have adequate security
>
> Patch the telnet client on the Be box to save keystrokes into a file
>
> Log out
>
> Wait a couple weeks
>
> Telnet back in, retrieve the file.
>
> Now you have the host names, account names, and passwords for several other
> machines
>}while ( Internet != destroyed );
>
>Would someone from Be care to clarify?
>
>This isn't exactly on-topic for this list, but it is a serious problem.
>It's been going on for years on other OS's.
>
>Mike
>
>Michael D. Crawford | I use anonymous digital cash from DigiCash.
>[email protected] | Join the e-Cash trial at:
>http://www.scruz.net/~crawford/ | http://www.digicash.com
>
-----------------
Robert Hettinga ([email protected])
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131
USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: [email protected] http://www.netresponse.com/zldf <<<<<